Apple's apps bypass firewalls like LittleSnitch and LuLu on macOS Big Sur

Background: I've written my own kernel extension that works in similar manner to Little Snitch, but does a lot more, including SSL MITM and on-demand packet capture, that I've been using for more than 10 years now.

It's a fact that Apple has continuously moved to lock down macOS in ways that are antithetical to folks that want full control over their operating system. To many of us that moved on from Linux on the desktop, the combination of a stable/uniform/attractive desktop environment with a Unix core that had great developer documentation -no longer the case!- and nicely-designed APIs was too much to resist. Unfortunately, the push towards consumers and Apple's increasingly one-sided my-way-or-the-highway approach (fueled by security concerns that to me are completely irrelevant, if not a huge annoyance and waste of time) means that a lot of us oldschool Unix hackers were left out in the cold.

I don't plan to upgrade past Mojave and at some point in the future I will move back to Linux.

I just moved from Macos to Linux. The Linux desktop experience has improved a lot in the past five years (at least KDE has).

Linux on the desktop and Linux on the laptop (heh) has definitely improved. It _sometimes_ needs a little tweaking to get it right, but KDE/Plasma also happens to offer that level of "tweakability" that should satisfy almost all semi-mainstream users (at least anyone coming from Windows or Mac).

Compared to my first Linux laptop (a Sony Vaio circa 2000), my current XPS 13 works as well as any Mac laptop I have ever owned, and all the hardware that you would "expect" to work (but probably didn't work as smoothly 10 or 20 years ago) Just Works (WiFi, external displays, excellent battery life/sleep, etc...)

Based on the complaints I have heard about Apple hardware and MacOS over the past few years, I'd even argue that Linux-on-the-desktop isn't any less stable or harder to get working than a Mac.

The linux desktop experience is still quite in a state. I will likely do the same and suffer Linux, but I think many will go back to windows as WSL continues to improve.

Apple is going to lose developers.

I switched to Windows and been working exclusively on WSL2. It is pretty decent and I'm glad I got out of Apple ecosystem.

I try the major DEs every few years to see if they fit me, most recently trying the newest KDE and GNOME versions in a VM about a month ago. Both have improved for sure, but they still have a long way to go… GNOME actually came closest but its customizability level is even lower than that of macOS, even factoring in extensions.

Both suffer from a laundry list of minor annoyances that snowball into something that's hard to ignore, and in KDE's case the UX design they employ just doesn't jive with me at all.

It's all enough that I end up coming back to macOS because despite its problems, it fits me in ways that nothing else even comes close to touching. Sometimes it feels like there will never be a macOS alternative that has what it takes for me to switch without feeling a major sense of loss.

Just wanted to add another compliment for KDE (specifically Plasma). I've been using KDE Neon as my daily driver for a few months now and it's amazing. Connects to my android device to share notifications and clipboard content, is heavily customizable and themeable, the whole OS feels very snappy and uniform in terms of UI/UX, and installing alongside Win10 and macOS in a hackintosh setup with full LUKS disk encryption was a snap through the installer GUI. Absolute 10 out of 10.

Is your kernel extension public?

hahaha. I also don’t plan to upgrade past Mojave. To me Catalina was a trainwreck and at this point I think I’m loosing a lot of trust I used to put in Apple.

this is compounded by the fact that I love Little Snitch and it has basically exponentially improved my life when it comes not only to browsing the web but when using any app on mac.

“folks that want full control over their operating system” and “walware authors” want too much of the same thing.

I think everyone would appreciate ideas for solutions.

Same! I purchased a Razer Blade Stealth 13 and put Linux Mint on it end of 2019. I have been really pleased with the entire thing. I don't do anything crazy (web browsing, simple budget spreadsheets, watching videos, viewing family photos) and it works perfectly. I was an avid mac user for many years because of bash/BSD but the march toward locked-down hardware and software really pushed me away. The only thing I miss are the glass trackpads and the fantastic gesture support.

Try Linux Mint with xfce. Really nice out of the box.

I tried catalina and... why? why did they dumb down mail? This is like the beige apple box era all over again. lame decision after lame decision and everything turns to mud.

Same experience. I tried, but Linux just isn’t ready to be used as a general OS right now.

I’ve dug through message boards and bug reports, and a lot of the features that MacOS has will never be implemented. I’m taking about features released 13+ years ago on OS X 10.4.

I've become a huge fan of Linux Mint. It looks amazing and unlike before now there are no driver related issues (the thing that kept me from using it all this time).

The only thing I miss is Photoshop but I really can't think of a single reason besides that to not use Linux anymore.

I'll second this sentiment.. After setting up WSL2 I figured I would move between my iMac and my Windows machine, and I honestly haven't touched my iMac in forever for any dev work.

I'll miss some apps like Omnigraffle (not looking for alternate suggestions thanks), but I can live with that if it means using an OS that respects me enough to let me control it the way I want.

Tried PopOS from System76 recently? It's IMHO the current best user experience of Gnome.

You have even less control over the OS with Windows 10. Why would anyone move from Mac to Windows for a daily desktop env?

> I've written my own kernel extension that works in similar manner to Little Snitch, but does a lot more, including SSL MITM and on-demand packet capture, that I've been using for more than 10 years now.

I'd be interested to read more about this, and maybe even use your kext. I'm currently MITM'ing all of my SSL traffic[1] for a different, esoteric reason: I insist on using a 7-year-old version of macOS, and it doesn't natively support modern SSL ciphers, so I have to add it in with an mitm proxy.

I've run into a handful of issues with various software that I've had to work through as they arise, but if you've been doing this for ten years you've probably seen it all already.

1: https://forums.macrumors.com/threads/fixing-maverickss-outda...

How is desktop search? Spotlight (mac desktop search) is a killer feature for me -- fast, reliable, smooth, all straight out of the box. Meanwhile, I've wasted many hours trying to get desktop search up to the same standard on Windows and Linux. That was years ago (for linux, at least), hopefully things have improved. How is linux desktop search doing today?

elementary OS’s Pantheon seems to be the closest DE to macOS’s Aqua

> a lot of the features that MacOS has will never be implemented

Care to name any? Other times I’ve heard things like this on HN I’ve been able to locate them.

You don't need control over things that already work how you want them to.

Is there a 'little snitch' for desktop linux with the speed of it's UI in setting networking rules?

There was a bunch of stuff broken by local file security stuff I'm guessing.

> Same experience. I tried, but Linux just isn’t ready to be used as a general OS right now.

Highly, highly subjective. I use Linux as my main OS and have for many years.

let me rephrase that for you: some things actually worked when it was initially released :(

Agreed. I've used Linux full time on the desktop, laptop, and on the server for over 10 years now and I have a better experience there than mac (which I had to use on my work machine for 6 months due to employer only allowing macs).

Of course everything is not perfect, but that wasn't true in mac either. I had to hack and shim so many things to get my system to behave the way I wanted to. There were also horrible bugs like where plugging in an external (Apple branded) monitor would cause the laptop screen to go black forever until I held down the power button.

Require the user to authenticate, then provide full control? Yes this provides a vulnerability pathway, but it's not like Apple software updates don't already provide this type of access.

I'd be interested in the features that you were missing as well.

I just bought parts for a desktop that's literally 4x cheaper than a similarly specced Mac Pro with the usual caveats (Ryzen instead of Xeon, non ECC, etc.) It will have to be pretty rough for me to consider investing anything beyond a Mac Mini so I can have access to Xcode once my MBP dies.

We are working on an alternative for both Linux and Windows: https://safing.io/portmaster/

Not only is it an application firewall, but also gives you DNS filtering (ie. Pi-Hole basics) and DNS-over-TLS.

Not sure what you mean with "the speed of it's UI ..." though.

I have, in fact I had it installed directly on one of my towers a few months ago to make sure that no weird VM shenanigans were futzing things up.

It was one of the smoother GNOME distros, and its installer was far more competent than Ubuntu's (mainly, it didn't screw with the boot partitions of every drive in the system like Ubuntu's installer did). Ultimately though, GNOME itself is flawed in its approach to a few things.

> I'd be interested to read more about this

Yeah, me too!

There's OpenSnitch [1].

[1] https://github.com/gustavo-iniguez-goya/opensnitch

> Both suffer from a laundry list of minor annoyances that snowball into something that's hard to ignore

This sounds just like your familiarity. I could have used the exact same sentence to describe how I feel using macOS for work after being used to Linux (GNOME) for 8 years.

When you use something for a while you learn to avoid all the bugs and the UX starts to feel natural. Any switch will end up in you running into new bugs and finding the UX odd, no matter if it is to or from macOS, Windows, GNOME, KDE or otherwise.

I would say that I run into 10x more bugs on macOS than GNOME. But that probably isn't because there are 10x more bugs. There is likely a comparable number on GNOME but I have learned to subconsciously avoid most of them.

Works pretty well on Plasma Desktop. I use it all the time to find files via KRunner.

KDE's search is very, very fast and at least on the latest KDE, just works.

I would suggest looking into MATE or XFCE if you haven't, or even a tiling window manager like i3.

Or MATE on an older laptop. Linux Mint is great!

A big one I will sorely miss as I transition to Linux (and it's the only one I can think of right now), is the ability to rename and move around files while they are open!

OK here's another, very related: the ability to have apps remember their open files when you quit and re-open them.

These are significant productivity boosters, and I will miss them. It's definitely a trade-off, but now Apple has tipped the scales too much in favour of Linux...for me.

In my experience it's mostly "convenience" / "nice to haves" related to "modern things" such as entertainment. Of course, this excludes any specialty software you may need that may be unavailable for Linux, but I suppose that's not your case since you're considering this.

For example changing from a low-resolution (non-hidpi) screen to a hidpi one doesn't work that great. You want to watch netflix or prime video in FHD? Not going to happen (although, admittedly, that's not linux's fault but a DRM-related decision).

I've noticed that, as usual, all this is highly dependent on what one does with the computer. If it's a laptop often used with a high resolution external screen and for on-line media consumption, the experience can be less than ideal. If it's a working computer used in fixed conditions, the experience can be outright great. My "work" computer is a desktop linux with a UHD screen and I absolutely love working on it. But for random hanging around on the internet, watching a movie or whatever, I'll grab my macbook.

I switched back to linux two years ago for exactly the same reason.

It was painful at first, but it's worth it. The only things I still miss are the visual feedback in the UI (lots of little stuff) and the feel of the trackpad.

But the customizability has more than made up for that in productivity. Like being able to edit the source code for the window manager.

Both of those things work under Linux for me. I guess it depends on the apps?

Can you give examples of which apps you noticed it working for? and what desktop environment/distro? I will most certainly test.

Little Snitch is the only thing keeping me on macOS.

How do we go about replicating this sort of per-process network visibility/permission on Linux?

This is so vague that I want to downvote this comment as irrelevant.

Apologies, it's deeper than it seems at first glance. If I were to elaborate, the resulting writeup would be better suited for a blogpost than an HN comment.

VSCode and Sublime Text remember the files they had opened. And renaming files while they are played back works fine with mpv.